Canada's cybersecurity head offers rare insight into Nova Scotia Power breach
-
The head of Canada’s cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power.
The utility’s computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that.
About 280,000 customers — more than half of the utility’s customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver’s licences, social insurance numbers and banking information.
On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity.
Canada's cybersecurity head offers rare insight into Nova Scotia Power breach | CBC News
Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how cyberattacks can unfold, and what people and organizations like Nova Scotia Power can do to protect themselves.
CBC (www.cbc.ca)
-
The head of Canada’s cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power.
The utility’s computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that.
About 280,000 customers — more than half of the utility’s customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver’s licences, social insurance numbers and banking information.
On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity.
Canada's cybersecurity head offers rare insight into Nova Scotia Power breach | CBC News
Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how cyberattacks can unfold, and what people and organizations like Nova Scotia Power can do to protect themselves.
CBC (www.cbc.ca)
One of the things that we’ve been very mindful of … as the world gets more hostile, we’re worried about impacts to critical infrastructure like electrical guide grids, pipelines, these sorts of things. A lot of them are controlled by systems that were never meant to be connected to the Internet. Nowadays, as people are looking to optimize efficiency, and connect to cloud services and connect sensors to networks, they’re becoming more exposed to threat actors from around the world. Normally, your electrical grid would only be threatened by people that are actually in the country and nearby, but as soon as you connect it to the internet, you’re pretty much opening a lot of this up to people from anywhere.
This is why you need to use a Scada system like Ignition, which can replicate the database to a cloud or IT environment, and any non-administrators should be using that. Remote access for admins should be done via a PAM software running in a web browser, and optimally only accessible from a locked down Chromebook style device that cant run executables.
-
The head of Canada’s cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power.
The utility’s computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that.
About 280,000 customers — more than half of the utility’s customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver’s licences, social insurance numbers and banking information.
On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity.
Canada's cybersecurity head offers rare insight into Nova Scotia Power breach | CBC News
Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how cyberattacks can unfold, and what people and organizations like Nova Scotia Power can do to protect themselves.
CBC (www.cbc.ca)
SINs were included but the article doesn’t elaborate
This is a big fuck up and heads should roll
-
SINs were included but the article doesn’t elaborate
This is a big fuck up and heads should roll
Looks at Optus Australia, Medibank Australia Yea, nah not really Governments might find it easier to do something for the noisy customers at best
-
One of the things that we’ve been very mindful of … as the world gets more hostile, we’re worried about impacts to critical infrastructure like electrical guide grids, pipelines, these sorts of things. A lot of them are controlled by systems that were never meant to be connected to the Internet. Nowadays, as people are looking to optimize efficiency, and connect to cloud services and connect sensors to networks, they’re becoming more exposed to threat actors from around the world. Normally, your electrical grid would only be threatened by people that are actually in the country and nearby, but as soon as you connect it to the internet, you’re pretty much opening a lot of this up to people from anywhere.
This is why you need to use a Scada system like Ignition, which can replicate the database to a cloud or IT environment, and any non-administrators should be using that. Remote access for admins should be done via a PAM software running in a web browser, and optimally only accessible from a locked down Chromebook style device that cant run executables.
All of what you just typed translates to $$$ for the MBAs. Until management starts being publicly and severely punished for their fuckups you can look forward to your personal information being stolen and sold over and over for the rest of your life
-
The head of Canada’s cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power.
The utility’s computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that.
About 280,000 customers — more than half of the utility’s customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver’s licences, social insurance numbers and banking information.
On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity.
Canada's cybersecurity head offers rare insight into Nova Scotia Power breach | CBC News
Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how cyberattacks can unfold, and what people and organizations like Nova Scotia Power can do to protect themselves.
CBC (www.cbc.ca)
Remind me why the hell a power company needs to collect its customers’ socal insurance numbers in the first place?
